Skip to Navigation Skip to Content

Active Directory PDNS

Today’s advanced threats increasingly use DNS to communicate with malicious C2 infrastructure to encrypt or exfiltrate data, infect other machines, wage botnet attacks, and more.

ThreatSTOP's Protective DNS (PDNS) solutions for Windows Server block dangerous and unwanted DNS queries, prevent communication with malicious infrastructure, and stop attacks early before damage is done.

Active Directory is ubiquitous, and ThreatSTOP can turn AD servers into Protective DNS enforcement points with a simple cloud service, meaning no new software or hardware is required, and the solution can be installed and start blocking threats in under 30 minutes.

  1. Create security policies in the ThreatSTOP portal to protect against specific threat types, geographic locations, and user-defined domains or wildcards
  2. Configure your Windows (DNS) Server 2016+ to run the ThreatSTOP service
  3. Policies are continuously updated with live threat intelligence data curated from global authoritative sources and ThreatSTOP’s research team
  4. View detailed information about the threats blocked on your network and identify infected client machines using advanced web-based reporting

See How We Do It

Learn more about our Protective DNS Solution for Windows Server and Active Directory

DNS Defense Overview

Intelligence collection

We incorporate 900+ threat feeds that are human & machine curated, delivering the broadest coverage in the industry of IP addresses and domains.

CheckIOC Overview UI

Policy customization

Get 600+ fully customizable policies in selectable categories. Tailor your own custom block & allowlists.

Policy Management UI

Device integration

Automated policy updates NGFW, DNS, Router, Switch, IDP, WAF, SIEM and more.

Screen Shot 2021-06-15 at 1.48.59 PM

Advanced reporting

View & analyze blocked threats. Identify affected client devices. Custom email reports & alerts.


Save Time

  • Automate and outsource essential 24/7 security policy updates.
  • Rich reports in our portal or your SIEM.
  • Rapidly identify infected hosts.
  • Research tools, like Check IOC, included.
  • Customize and schedule email reports and alerts.

Save Money

  • Add powerful security to existing devices.
  • Reduce endpoint infections and stop breaches.
  • Reduce load on existing security layers.
  • Eliminate unwanted bandwidth usage.
  • Increase security and network efficiency.

Be More Secure

  • Block connection attempts to criminal infrastructure on all ports and protocols.
  • Continuous, automatic policy updates.
  • Unique and valuable telemetry for SOC's and MSSP's.
  • Customize policies to match security postures.
  • Multivendor security is always a feature, not a bug

Start a 30-day trial

DNS Defense is a Protective DNS solution for all organizations. We provide what you need, at a price you can afford.

Get started

How to deploy

Getting started is as simple as 5 easy steps.

Step 1

Sign up for the service

Step 2

Pick a security policy to use

Step 3

Integrate DNS Defense with your device

Step 4

Start automatically blocking threats

Step 5

See reports detailing the protection

ThreatSTOP Platform

The ThreatSTOP platform is a SaaS security platform with modular product offerings for Protective DNS (PDNS), firewall automation, and other Threat Intel use cases. It integrates with physical, virtual, and hosted security stack components including firewalls, DNS servers, IDPS, SIEM and more. The platform automates threat intelligence acquisition, curation, and timely application for threat mitigation and visibility. Modules include:

Learn More

DNS Defense

Using continuous updates from 900+ Threat Intelligence sources, DNS Defense stops dangerous and unwanted DNS traffic before damage is done.

IP Defense

IP Defense sends automated policy updates to existing firewalls, routers and switches, and stops inbound attacks at network edges, before  damage is done.


This takes the network DNS Defense Service and delivers it to individual endpoints, providing the same security even when these endpoints are outside the corporate network.

Check IoC Subscription

Check IOC is now available as a standalone subscription. We've made it easy to get your hands on tools that give you invaluable data, backed by one of the largest databases that we've been building for over a decade.


The ThreatSTOP Community Account is our way of saying thank you to the security community for everything they do. A Community Account entitles you to run ThreatSTOP on one IP device (firewall, router, etc.) and one DNS device. Community accounts are limited to pre-built policies that include core protections such as the DShield Blocklist and Emergency Handler Blocks.

Learn More

  • DNS Defense CE
  • IP Defense CE
  • MyDNS CE
  • Check IoC Tool

Threats blocked today
Updated every 15 minutes

Free Trial

See what your other security products have been missing. Start Stopping Threats today at the DNS layer. Quick, easy setup.

Get started today